Summary: | Device motion and orientation should only be visible from the main frame | ||||||||
---|---|---|---|---|---|---|---|---|---|
Product: | WebKit | Reporter: | Dean Jackson <dino> | ||||||
Component: | New Bugs | Assignee: | Dean Jackson <dino> | ||||||
Status: | RESOLVED FIXED | ||||||||
Severity: | Normal | CC: | commit-queue, dbates, dustin.kerstein, mkwst, _ | ||||||
Priority: | P2 | ||||||||
Version: | WebKit Nightly Build | ||||||||
Hardware: | Unspecified | ||||||||
OS: | Unspecified | ||||||||
Attachments: |
|
Description
Dean Jackson
2015-10-12 18:32:56 PDT
Created attachment 262966 [details]
Patch
Comment on attachment 262966 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=262966&action=review r=me. I think the duplicated test code could be a method, or perhaps even just a local variable, but the patch is fine as-is. > Source/WebCore/page/DOMWindow.cpp:1717 > + || (m_frame->mainFrame().document() && document()->securityOrigin()->canAccess(m_frame->mainFrame().document()->securityOrigin())))) { It seems like this test (which is repeated three times in this patch) could work as a DOMWindow method (e.g., "bool DOMWindow::frameDoesHaveCompatibleSecurityOriginToMainFrame()") Created attachment 263018 [details]
Patch
Committed r191008: <http://trac.webkit.org/changeset/191008> Comment on attachment 263018 [details] Patch Clearing review flag as this patch was already landed per comment 5. Hi Dean, Brent and Daniel, I was actively using device motion and orientation from a child frame. Is there a possibility of allowing an opt-in method for enabling access to device motion and orientation for the child frame? As from my perspective I will always be serving my content requiring the device motion and orientation from a separate domain but always over HTTPS. I noticed there is already an open ticket regarding such here https://bugs.webkit.org/show_bug.cgi?id=152299 Just wanted to raise some awareness as this is quite critical to my business needs. Kind Regards, Stephen Underwood |